NOTREACHED() and NOTREACHED_IN_MIGRATION() are both CHECK-fatal now.
The former is [[noreturn]] so this CL also performs dead-code removal
after the NOTREACHED().
This CL does not attempt to do additional rewrites of any surrounding
code, like:
if (!foo) {
NOTREACHED();
}
to CHECK(foo);
Those transforms take a non-trivial amount of time (and there are
thousands of instances). Cleanup can be left as an exercise for the
reader.
This does clean up kCrashOnDanglingBrowserContext as both paths of the
kill switch are currently fatal. This has been rolled out for a long
time.
Bug: 40580068, 40062641
Change-Id: Ib88e710d003e2e48df3fc502ca54d2341d157a0e
Cq-Include-Trybots: luci.chromium.try:linux-dcheck-off-rel
Low-Coverage-Reason: OTHER Should-be-unreachable code
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5974816
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Auto-Submit: Peter Boström <pbos@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1376522}
This sandbox type is not used in any released version of
Chrome and is not tested on the CQ so we cannot be
certain going forward that the sandbox is effective.
If developers use `enable_ppapi=true` the ppapi host
process will now be unsandboxed. This is not a security
regression as the flag is not intended for use in
released versions of Chrome.
A guard is added to ppapi/build.gn to ensure this configuration
cannot be enabled in official Chrome builds.
Bug: 40511450, b/303417958
Change-Id: Iefbd866727da02aa1baf3ab08b5b20d2d62c7279
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5840808
Reviewed-by: Derek Schuff <dschuff@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1359238}
Using base::shared_memory::AddToLaunchParameters() to
send config in a shmem at child process creation.
Related changes:
- Some reordering of operations in early startup to ensure dependencies
are in place.
- TraceStartupConfig holds a perfetto::TraceConfig instead of
a base::TraceConfig
Change-Id: Ic10f5e7cda39cd953bda5f08b617c4e4568a7773
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5581006
Reviewed-by: Mikhail Khokhlov <khokhlov@google.com>
Reviewed-by: Eric Seckler <eseckler@chromium.org>
Commit-Queue: Etienne Pierre-Doray <etiennep@chromium.org>
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1320942}
Fixes test failure when machine is not in "America/Los_Angeles" time
zone.
Before this CL, ScopedTimeZone was changing the ICU's time zone to
America/Los_Angeles, and was adding kTimeZoneForTesting to command-line
so time zone was propagated to newly spawned renderer processes.
But TimeZoneMonitor is platform-specific and reads the current time
zone from the OS. It sends that time zone to each its client (renderer
process) and it was replacing the testing time zone
(America/Los_Angeles) with the OS time zone in the renderer process.
This CL introduces FakeTimeZoneMonitor which doesn't read the time zone
from the OS. It doesn't change the current ICU's time zone but still
sends it to newly spawned renderer processes. This makes
kTimeZoneForTesting switch redundant.
ScopedTimeZone changes the time zone but now also overrides the
TimeZoneMonitor binder in DeviceService so FakeTimeZoneMonitor is
created instead of the real TimeZoneMonitor. DeviceService and
TimeZoneMonitor are created very early during the test setup and we
need to override binder before that happens. It's too late to override
TimeZoneMonitor binder in ViewerPropertiesDialog test case because the
real TimeZoneMonitor already exists at this point and
FakeTimeZoneMonitor won't be created and used.
TEST=All/PDFExtensionPacificTimeZoneJSTest.ViewerPropertiesDialog/*
Bug: 340983077
Change-Id: I499763675d879b764e848e5358813c111adce9e8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5542444
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Andy Phan <andyphan@chromium.org>
Commit-Queue: Tomasz Moniuszko <tmoniuszko@opera.com>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1305535}
This was generated by replacing " NOTREACHED()" with
" NOTREACHED_IN_MIGRATION()" and running git cl format.
This prepares for making NOTREACHED() [[noreturn]] alongside
NotReachedIsFatal migration of existing inventory.
Bug: 40580068
Change-Id: I3b48b89911ac5e9ffcb211622992f917f8f9e8d9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5539619
Auto-Submit: Peter Boström <pbos@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Owners-Override: Lei Zhang <thestig@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1301096}
This is to permit calling from chrome-agnostic locations including GPU
and crashpad.
Original revert was because we were accessing FeatureList in the
crashpad process, which does not create a FeatureList. The crash was
fixed with a new check to ensure a FeatureList is created before
checking for the ExpandedPrefetchRange feature; otherwise, proceed as if
the feature is disabled.
This is a sufficient solution, because the startups which were seen to
cause issues (crashpad and crashpad fallback, prefetch slots 4 and 7
respectively) are not changed under ExpandedPrefetchRange, and so
the feature need not be initialized for those launches.
Bug: 40946432, 325307453
Change-Id: Ia056650cf59c82b4a09608cdfefdf47515d7e7d6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5420149
Commit-Queue: Sean Maher <spvw@chromium.org>
Reviewed-by: Alexander Timin <altimin@chromium.org>
Reviewed-by: Sylvain Defresne <sdefresne@chromium.org>
Reviewed-by: Greg Thompson <grt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1291364}
This reverts commit 6e04f2a49c.
Reason for revert: crash on Windows
[0227/095220.580:FATAL:feature_list.cc(108)] Check failed: !feature. Accessed feature ExpandedPrefetchRange before FeatureList registration.
Original change's description:
> Reland: Move windows prefetch code to //components/app_launch_prefetch
>
> This relands crrev.com/c/5238168. It fixes the bug where the FeatureList
> was accessed from Crashpad before initialization during certain tests.
>
> This is to permit calling from chrome-agnostic locations including GPU
> and crashpad.
>
> Bug: 40946432, 325307453
> Fixed: 325473318
> Change-Id: I5861968256fb1e857423e3f92adfea195914ed7e
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5317853
> Reviewed-by: Sylvain Defresne <sdefresne@chromium.org>
> Commit-Queue: Sean Maher <spvw@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1265282}
Bug: 40946432, 325307453
Change-Id: Id1ee64c03bde07490be29caa868d5b032a1aee7a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5323354
Auto-Submit: Peng Huang <penghuang@chromium.org>
Commit-Queue: Peng Huang <penghuang@chromium.org>
Reviewed-by: Alexander Timin <altimin@chromium.org>
Reviewed-by: Peng Huang <penghuang@chromium.org>
Reviewed-by: Greg Thompson <grt@chromium.org>
Reviewed-by: Sylvain Defresne <sdefresne@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1266672}
This relands crrev.com/c/5238168. It fixes the bug where the FeatureList
was accessed from Crashpad before initialization during certain tests.
This is to permit calling from chrome-agnostic locations including GPU
and crashpad.
Bug: 40946432, 325307453
Fixed: 325473318
Change-Id: I5861968256fb1e857423e3f92adfea195914ed7e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5317853
Reviewed-by: Sylvain Defresne <sdefresne@chromium.org>
Commit-Queue: Sean Maher <spvw@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1265282}
The /prefetch parameter is used to differentiate different file
access patterns for the same process name. The range was 1..8,
it is now 1..16 for Windows 11 and later allowing for better
process separation, especially for renderers, and utility processes.
Bug: 1505793
Change-Id: I3adefbb3e220e7113b320a14fd298329d1dddcbd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5024734
Reviewed-by: Gabriel Charette <gab@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Joe Laughlin <joel@microsoft.com>
Reviewed-by: Etienne Bergeron <etienneb@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Greg Thompson <grt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1243674}
Renames PepperPluginInfo to ContentPluginInfo, in order to reflect that
this struct no longer is used only with PPAPI.
The name ContentPluginInfo was chosen because the name PluginInfo is
overloaded already for 3 different types in Chromium. The name also
emphasizes that this type supports the //content layer specifically.
Most of this change is mechanical, with the following exceptions:
1. Some other names have been changed to drop references to Pepper, such
as renaming ContentClient::AddPepperPlugins() to
ContentClient::AddPlugins(). Note that Pepper-specific functions like
MakePepperPluginInfo() intentionally still mention Pepper.
2. Refactored PluginManager::UpdatePluginListWithNaClModules() to use
range-based "for" loops, instead of iterators.
Bug: 1344644
Change-Id: I9b8596f6a53593ed7c4b7e06a266b57c82b0d9bb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3835746
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Commit-Queue: K. Moon <kmoon@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1040827}
ppapi::PpapiPermissions are not used by the delegate and it is
unlikely that they will be used in future. The parameter can be
removed.
Bug: 1270309
Tests: content_unittests --gtest_filter=PpapiPluginSandboxSettings*
Change-Id: Ib3173a314bdec9fb158850b361b433c2305a3432
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3553188
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#987291}
This refactors FieldTrial to simplify its public API and unify it
across all platforms so every public method has the same signature on
every platform.
This simplifies the call sites in the content layer by removing
per-platform specific call sites in favor of unified calls and moving
some of the logic done in //content to //base. In particular, command
line switches used only by FieldTrial have been moved to //base, from
//content. They are also no longer passed as parameters to the public
API of FieldTrial.
In addition, this adds supports for shared-memory distribution of
FieldTrial configuration to child processes on Fuchsia. This is
achieved by duplicating the handle for the VMO backing the FieldTrial
configuration in the parent process and passing it to the child
process startup handles.
This also changes the Windows child process launcher logic to make use
of the provided LaunchOptions argument, rather than initializing a new
object.
Finally, this cleans up header usage in //base/metrics/field_trial.h
and fixes missing includes in various parts of the code base.
Bug: 752368, 1262370
Change-Id: I9b0836b467790f1da96d85fe16a6e2c6d334f709
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3230582
Commit-Queue: Fabrice de Gans <fdegans@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Alexei Svitkine <asvitkine@chromium.org>
Reviewed-by: Primiano Tucci <primiano@chromium.org>
Reviewed-by: Theresa <twellington@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#938902}
sandbox.mojom.Sandbox can now be used as the sandbox type so we
replace it everywhere.
The guts of the change are in //sandbox/policy/sandbox_type.h where
SandboxType is now deleted, and //sandbox/policy/mojom/sandbox.mojom
where sandbox types that are not already used in mojom ServiceSandbox
attributes are added.
Some cascading changes:-
- kService wasn't implemented on Mac (as it is equivalent to kUtility).
As we cannot alias enum fields in mojo like we can in C++ I have added
kService for Mac. The alternative is to define platform specific
ServiceSandbox attributes for all kService interfaces which seems to
put this complexity in the wrong place.
- sandbox_type.h included a number of buildflag headers that other files
then relied on. As sandbox_type.h is no longer needed in many places
and no longer needs these defines, they have been introduced where
required.
- sandbox::mojom::Sandbox is forward declared in a couple of headers
that are widely imported, hopefully reducing the number of times the
mojom.h is included but not used.
- some build deps must be modified.
- LibAssistantService needs a sandbox to be defined even when hosted
in process, so has kNoSandbox now when enable_cros_libassistant is
false.
Bug: 1210301
Change-Id: I13fa4fa8cbbb3090a38806fe5532787bbdf1e2fb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3213677
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Sean Topping <seantopping@chromium.org>
Reviewed-by: Filip Gorski <fgorski@chromium.org>
Reviewed-by: Derek Schuff <dschuff@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Tao Wu <wutao@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: David Dorwin <ddorwin@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#934126}
This replaces DISALLOW_COPY_AND_ASSIGN with explicit constructor deletes
where a local script is able to detect its insertion place (~Foo() is
public => insert before this line).
This is incomplete as not all classes have a public ~Foo() declared, so
not all DISALLOW_COPY_AND_ASSIGN occurrences are replaced.
IWYU cleanup is left as a separate pass that is easier when these macros
go away.
Bug: 1010217
Change-Id: Iea478401b7580682c7b9f195f7af9cbbdb6ce315
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3167292
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923194}
base::size() has been moved to base/cxx17_backports.h, so .cc files that
use base::size(), but no other function from base/stl_util.h, can
directly include base/cxx17_backports.h and not base/stl_util.h.
Bug: 1210983
Change-Id: I42a598a9c2b8fcbfd1e225329109ae3308bd9518
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2915348
Reviewed-by: Camille Lamy <clamy@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#886358}
The base::test::ScopedRestoreDefaultTimezone class works fine for
single-process tests, and for multi-process tests on Linux. On Linux,
where zygotes are normally enabled, zygotes will pass the browser time
zone to newly spawned processes, but this is an implementation detail.
To make scoped time zone changes work across platform, add a new
content::ScopedTimeZone class that:
1) Wraps base::test::ScopedRestoreDefaultTimezone.
2) Changes the command line within its scope to have
--time-zone-for-testing=new_zoneid.
Then change child processes to read the value of this command line
switch and apply it. Use it in pdf_extension_test.cc to make a test case
more reliably pass independent of the host machine's time zone.
Note that the scoper only affects the running process and any child
processes it creates. Other existing processes are not affected.
Bug: 1199021
Change-Id: I18f82007598e37a873126cb0716c8321d159ef8f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2795988
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#872683}
Certificate parsing now doesn't depend on the OS so can happen in child processes. To avoid introducing a dependency on net/ in NaCl, make this private API not be part of NaCl since it was added for Flash. It looks like this can be removed as a result, but I'll leave this as a separate task in bug 1064652 along other Flash-only APIs.
This allows removal of BrowserMessageFilter for non-renderer child processe, since as implemented now they don't work with ChildProcessHostImpl.
Bug: 904556
Change-Id: Ic4ea8871097eb69108e484ab6f8ec6c868aff38a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2808690
Reviewed-by: Bill Budge <bbudge@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#870202}
The existing mitigation flag is per-thread, so this offers stronger
protections. The thread-specific mitigation will remain enabled in
order to support older macOS versions. The new process-wide flag does
not conflict with it (task takes precedence over thread).
The posix_spawnattr option is used instead of the libproc API, because
the latter requires permitting (allow system-sched (target self)) in the
sandbox, which would grant additional capabilities beyond the CPU
mitigations control.
Bug: 1129602
Change-Id: I876f2aae3a3e26a622c67ad181efbdfd91fa8b76
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2722913
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#858301}
This CL removes the support for redirecting the OPM APIs when running
under Win32K lockdown. These were added to allow Flash to enable HDCP
and with Widevine moving to a utility process are no longer required.
Bug: 1148912
Change-Id: Ia5ec0cd54d9ae6fec28b5603693ffde7c725f194
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2536847
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: James Forshaw <forshaw@chromium.org>
Cr-Commit-Position: refs/heads/master@{#827960}
Flag is no longer required (e.g. no reports in crash/).
Lockdown is only enabled if supported so it is not necessary to check
for support before enabling lockdown. However, some parts of the code
behave differently on Windows 7 where lockdown is not supported so
checks are now made on the platform version.
bug: 1059451
Change-Id: Ib3cd6311bfd5374c130f17c84ce9bdfb82512614
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2268538
Reviewed-by: Camille Lamy <clamy@chromium.org>
Reviewed-by: Raymes Khoury <raymes@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#787288}
Originally the sandbox policies lived in //content, but with
servicification this would create unwanted dependencies between
//services and //content. Instead, create a new //sandbox/policy
library to hold the sandbox integration code. This library can depend
on the low-level //sandbox routines, but not nice versa.
Tbr: ajgo@chromium.org (mechanical change rule)
Bug: 1097376
Change-Id: I1ca9ac0015a625197f2d3aae104e8f7aa78dcfd9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2272609
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#786385}
Note to QA: This CL is purely mechanical and shouldn't be blamed
for future regressions on touched files.
This is a follow-up to https://chromium-review.googlesource.com/c/chromium/src/+/2211138
which already removed all usage using content::BrowserThread.
Hence this script now matches unqualified BrowserThread:: without
risking having "content::" be selected as "traits_before" by the regex
(ran on same revision as step #1).
content:: is now always added if outside namespace content {}
(deleting unused using content::BrowserThread; decls)
Script @ https://crbug.com/1026641#c92
(will TBR fdoray@ post-review for mechanical change)
TBR=fdoray@hchromium.org
AX-Relnotes: n/a.
Bug: 1026641
Change-Id: I51ae2f83eb17d19b54563fd9b4fc040d2aa0c948
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2212469
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: François Doray <fdoray@chromium.org>
Cr-Commit-Position: refs/heads/master@{#772458}
Removes unused kNaClLoader (was PROCESS_TYPE_NACL_LOADER)
from Windows as these are in fact Ppapi (PPAPI) sandbox types.
Removes unused values from SandboxType enum and replaces default cases.
SandboxType is not used for iteration so these boundary values are removed
from the SandboxType enum.
The kInvalid SandboxType is retained as it is used as an error case in
a couple of places. It might be possible to remove this in the future.
This removes default cases from switch statements where it might make
sense to have a notification in future when new sandbox types are added.
In these cases the default case is replaced with all otherwise
unchecked cases, so retaining the existing behavior.
Change-Id: I76ffc8ae617f3f8fa9aa68236551ebcfa4cce32f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1938076
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#723425}
This is a reland of bdc395526e
Original change's description:
> Move GPU and Plugin processes off Service Manager
>
> This introduces a new mode for Browser/ChildProcessHost where the
> primordial pipe is a simple content.mojom.ChildProcess pipe. This will
> become the new default mode of operation for child processes, and
> eventually will be the only mode of operation once NaCl processes are
> gone.
>
> GPU and plugin processes are ported to this mode here since both
> require only minimal changes. This means that "content_gpu" and
> "content_plugin" services no longer exist.
>
> Bug: 977637
> Change-Id: I39c5d2284bd84246663d5f0eb4cbab3b3483d798
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1918326
> Reviewed-by: Avi Drissman <avi@chromium.org>
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Commit-Queue: Ken Rockot <rockot@google.com>
> Cr-Commit-Position: refs/heads/master@{#717857}
NOPRESUBMIT=true
Bug: 977637
Change-Id: Iaefab7950d7f0437b05417a34ff2b1db73576f0b
Tbr: avi@chromium.org
Tbr: rsesek@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1948907
Reviewed-by: Ken Rockot <rockot@google.com>
Commit-Queue: Ken Rockot <rockot@google.com>
Cr-Commit-Position: refs/heads/master@{#721374}
This reverts commit bdc395526e.
Reason for revert: breaks graphics on some Chrome OS devices.
Original change's description:
> Move GPU and Plugin processes off Service Manager
>
> This introduces a new mode for Browser/ChildProcessHost where the
> primordial pipe is a simple content.mojom.ChildProcess pipe. This will
> become the new default mode of operation for child processes, and
> eventually will be the only mode of operation once NaCl processes are
> gone.
>
> GPU and plugin processes are ported to this mode here since both
> require only minimal changes. This means that "content_gpu" and
> "content_plugin" services no longer exist.
>
> Bug: 977637
> Change-Id: I39c5d2284bd84246663d5f0eb4cbab3b3483d798
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1918326
> Reviewed-by: Avi Drissman <avi@chromium.org>
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Commit-Queue: Ken Rockot <rockot@google.com>
> Cr-Commit-Position: refs/heads/master@{#717857}
NOPRESUBMIT=true
Bug: 1028852
Bug: 977637
Tbr: rockot@google.com
Tbr: avi@chromium.org
Tbr: rsesek@chromium.org
Change-Id: I21259f3cf7718ad940cafba4a56d9349412d3b74
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1948664
Commit-Queue: Shuhei Takahashi <nya@chromium.org>
Reviewed-by: Shuhei Takahashi <nya@chromium.org>
Cr-Commit-Position: refs/heads/master@{#720940}
This introduces a new mode for Browser/ChildProcessHost where the
primordial pipe is a simple content.mojom.ChildProcess pipe. This will
become the new default mode of operation for child processes, and
eventually will be the only mode of operation once NaCl processes are
gone.
GPU and plugin processes are ported to this mode here since both
require only minimal changes. This means that "content_gpu" and
"content_plugin" services no longer exist.
Bug: 977637
Change-Id: I39c5d2284bd84246663d5f0eb4cbab3b3483d798
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1918326
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Ken Rockot <rockot@google.com>
Cr-Commit-Position: refs/heads/master@{#717857}
This reduces the number of preprocessor tokens in
content_browser_client.h from 1,335,281 to 754,474. Since this is a
widely included file, reducing build times a fair bit (see bug).
TBR=tsepez for content/browser/child_process_security_policy_*
Bug: 1014009
Change-Id: Id3c2de29f5b08cab80820d01aff722afeb1618e6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1857126
Commit-Queue: Hans Wennborg <hans@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Nico Weber <thakis@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Reviewed-by: Sami Kyöstilä <skyostil@chromium.org>
Cr-Commit-Position: refs/heads/master@{#706388}
With the Service Manager going away, the manifest files that previously
mediated access to Mojo services across processes are going away too.
Under the new system, various //content classes have methods that bind
mojo::Receiver<T> objects via GenericPendingReceiver. Since these call
sites control access to objects across a privilege boundary, they should
be under the SECURITY_OWNERS review system.
This first pass splits out several //content and //chrome ones, but
more to come.
Bug: 1012033
Change-Id: Ic09c825c8503c570393fa7ce4d89b58bb6efe391
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1848416
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#706219}
